Commit Graph

57 Commits

Author SHA1 Message Date
wmj 2dd257533e snapshot: pre-wallet-migration state - 2026-06-28_23:29
Complete mobile app snapshot before Islamic finance wallet migration:
- Netlify serverless deployment prepared
- Prisma schema migrated to Postgres (falah_mobile_v1)
- Casdoor OIDC integration stubs
- FLH wallet UI with Zakat, Sadaqah, Hibah, Waqf pages
- Mobile API routes proxying to UmmahID backend
2026-06-28 23:29:24 +02:00
wmj a1c5fecd83 pivot: migrate V1 mobile from Docker to Netlify serverless
- Switch Prisma schema from SQLite to PostgreSQL
- Add netlify.toml for Netlify deployment config
- Add @netlify/plugin-nextjs for serverless Next.js
- Remove Docker build files (Dockerfile, docker-compose, start.sh)
- Remove auto-healer and scripts directories
- Update next.config.ts (remove standalone output)
- Database: falah_mobile_v1 on Contabo Postgres
2026-06-28 23:02:48 +02:00
wmj 5b08f8b041 docs: add system auth architecture reference (28 June 2026)
Comprehensive document covering:
- Auth chain (how login works end-to-end)
- Three-database architecture (UmmahID SQLite, V1 Mobile SQLite, Postgres)
- Password management (self-heal = single source of truth)
- FLH Islamic Finance endpoints and data flow
- Testing checklist for future verification
- Troubleshooting history
2026-06-28 21:29:54 +02:00
Antigravity AI 48d42cb9a6 chore: staging port 4014→4017 (both 4014/4015 occupied) 2026-06-28 18:11:40 +08:00
Antigravity AI 641b5a2769 fix: replace fragile printf start.sh with COPY start.sh
The RUN printf approach had a POSIX printf bug where \\c stopped
output, truncating the startup script. Now start.sh is a proper
file COPYed into the image.
2026-06-28 18:10:56 +08:00
Antigravity AI 6850b350f7 fix: repair 20 modules' quiz format and IDs, patch Dockerfile for npm ci inside build 2026-06-28 16:02:38 +08:00
Antigravity AI 4efe921207 fix(docker): use npm ci inside image instead of copying host node_modules 2026-06-28 15:59:43 +08:00
Antigravity AI 53ab375153 feat(learn): add 3 micro-learning courses — Adhkar, 99 Names, Islamic Manners
- 3 new courses with 5 modules each (15 modules, 60 quiz questions)
- Daily Adhkar & Du'as — morning/evening/sleeping/travel remembrances
- 99 Names of Allah (Part 1) — 10 names across 5 modules
- Islamic Manners (Adab) — salam, eating, speaking, mosque, parents
- All modules include TTS audio (edge-tts, en-US-AriaNeural)
- Updated total catalog: 10 courses, 47 modules
2026-06-28 15:11:48 +08:00
Antigravity AI 95de1e1901 Merge remote-tracking branch 'origin/feat/learn-module' 2026-06-28 12:38:51 +08:00
wmj2024 eb3a0645df feat(learn): add audio paths for all courses, convert TTS to MP3, fix generator script
- Add audioPath for 3 legacy courses (Basics of Prayer, Understanding Fiqh, Quranic Arabic)
- Convert new course TTS from M4A to MP3 for consistency
- Fix generate-tts-local.js ext replacement bug (works with .mp3 now)
- All 7 courses now have 32 MP3 modules total (~74MB)
- Build passes (0 errors, 0 warnings)
2026-06-28 11:52:37 +08:00
wmj2024 90e0086cf1 feat(learn): add 3 new courses — Ramadan Fasting, Zakat, Hajj & Umrah
- 15 new modules with 2000-3000 char markdown content
- 1 quiz question per module with explanation
- audioPath set to .m4a for all 15 modules (TTS-ready)
- Added local TTS generation script (scripts/generate-tts-local.js)
- Added .gitignore for generated audio files
- Total: 7 courses, 32 modules in seed-learn.json

Note: Audio files are generated locally via generate-tts-local.js.
They are excluded from git (see .gitignore) due to large binary size.
For production MP3s, use Azure/ElevenLabs via Gitea's generate-audio.py.
2026-06-28 11:52:35 +08:00
Antigravity AI 577dcc4fc0 fix: PR review fixes — restore viewport export, revert schema to PostgreSQL, merge 4 courses, strip content frontmatter 2026-06-28 11:52:35 +08:00
wmj2024 81bf6af044 feat(learn): align seed data with Hermes schema and port Gitea content
- Port full markdown lesson content from Gitea (courses/daily-fiqh-beginner)
  into seed-learn.json module content fields
- Fix quizData format: wrap questions in {questions: [...]} object to match
  LessonReaderPage parseQuizData() expectations
- Add quiz explanations from Gitea quiz.json
- Generate TTS audio for all 5 modules using Edge TTS (en-US-AriaNeural)
- Store audio files in public/audio/learn/daily-fiqh-beginner/
- Add audioPath references pointing to /audio/learn/... MP3s

Closes next steps from HERMES_INSTRUCTIONS.md content + audio gap.
2026-06-28 11:52:35 +08:00
wmj2024 fd1154dba2 feat: Pi agent server on port 4747 for Hermes recruitment
- HTTP API for inter-agent task delegation
- Endpoints: /status, /agent/manifest, /agent/task, /agent/signal
- Actions: read_file, write_file, bash, git_push, schema_verify
- Security: only accepts 127.0.0.0/8, 192.168.0.0/24, 100.64.0.0/10
- Background process PID saved to .pi/agent-server.pid
- Agent card at .pi/pi-agent.json for discovery
2026-06-28 11:23:15 +08:00
pi-agent a0068d238b fix: healers v15 — cooldown + fix log() stdout corruption + swarm service detection
- FIXED core bug: log() used tee -a, writing to both log file AND stdout,
  corrupting DIAGNOSIS=$(detect_fault) and causing infinite fault loops
- ADDED 120s cooldown after restore to prevent detection loops during startup
- ADDED swarm service detection to auto-healer (handles both standalone
  containers and Docker Swarm services)
- FIXED swarm service detection: awk now uses $2 (service name) not $1 (ID)
- FIXED exact match for service names (grep -x)
- FIXED restore protocol to use docker service update --force for swarm services
- DEPLOYED auto-healers to both Synology (v15) and Contabo (v15)
- DNS healer also deployed to Contabo (v3)
- DNS healer has swarm health monitoring (checks every 2 cycles)
- All 3 nodes in Docker Swarm: Synology (manager), colima (worker), Contabo (leader)
2026-06-28 05:28:21 +08:00
wmj2024 6d0af1a5ba chore: initialize inter-agent signal files
- shared-state.json: joint workspace state + agent statuses
- SESSION.log: human-readable activity log
- Ready for Hermes to write hermes-signal.json
2026-06-28 04:52:38 +08:00
wmj2024 4764359a6d docs: add herdr collaboration protocol for Pi ↔ Hermes
- Hermes is connected via herdr --remote (client_id=4)
- Signal file schema for inter-agent communication
- Shared workspace etiquette and task board
- Emergency contact channels
2026-06-28 04:52:36 +08:00
wmj2024 2e53d84f9f docs: update Hermes instructions for direct connectivity
- Add handshake protocol for real-time collaboration
- Update communication channels (direct > GitHub > Gitea)
- Mark port-blocked isolation as resolved
2026-06-28 04:50:07 +08:00
wmj2024 1d0d8974fc docs: add Hermes review instructions for PR #1
- How to test the seed script
- Schema alignment notes
- What's missing / next steps
- Communication channels (GitHub PR #1 + Gitea Issue #1)
2026-06-28 04:38:47 +08:00
wmj2024 fc4ed81e7c fix: align learn schema with existing LearnCourse/LearnModule models
- Remove duplicate Course/Module models (GitHub main already has LearnCourse/LearnModule)
- Add seed-learn.json with Daily Fiqh for Beginners (5 modules)
- Add seed-learn.js using prisma.learnCourse / prisma.learnModule
- Seed includes quizData, keyTakeaway, duration, giteaPath
- Matches existing API routes: /api/learn/courses, /api/learn/tts, /api/learn/progress

TODO:
- Add markdown content to modules (currently content field is null)
- Generate TTS audio files for listen toggle
- Add intermediate/advanced courses
2026-06-28 04:35:08 +08:00
pi-agent 33d85a56d2 fix: restore 3-node Docker Swarm + swarm health monitoring in DNS healer
- Rejoined Synology to Contabo-led swarm as manager (reachable)
- Swarm now has 2 managers: Synology (DS3617xs) + Contabo (vmi3361598)
- Saved join token to /var/state/falah/swarm-token for auto-rejoin
- DNS healer v3: checks swarm membership every 2 cycles (~2 min)
  - If swarm inactive, auto-rejoins using saved token
  - Reports node status (Contabo present, Mac Mini offline)
- Mac Mini (colima) was permanently removed from swarm while offline
  (needs manual re-join when back online with same token)

Current swarm:
  DS3617xs (Synology)  → Manager, Reachable, Engine 20.10.3
  vmi3361598 (Contabo)  → Manager, Leader, Engine 29.5.3
  colima (Mac Mini)     → GONE (offline >20d, need re-join)
2026-06-28 04:26:30 +08:00
pi-agent 59f892e73b fix: who watches the watchmen — cross-heal + cron watchdog
- App healer (v7): checks DNS healer every 30s, restarts if down
- DNS healer (v2): checks app healer every 60s, restarts if down
- scripts/watchdog.sh: ultimate fallback cron job (every 5 min)
  revives both healers if both are down simultaneously
- Installed to /usr/local/bin/falah-watchdog + /etc/cron.d/falah-watchdog

Three-layer defense:
  Layer 1: Docker --restart unless-stopped (instant)
  Layer 2: Cross-heal between the two healers (30-60s)
  Layer 3: Cron watchdog (5 min, last resort)
2026-06-28 03:54:45 +08:00
pi-agent ad48309995 feat: DNS & domain routing auto-healer — Cloudflare tunnels, DNS, gateway, routing integrity, SSL, Traefik
- dns-router-healer/Dockerfile: Alpine + curl, docker-cli, bash, jq, drill
- dns-router-healer/dns-router-heal.sh: 8 health checks in 60s cycle
  1. Cloudflare tunnels (primary + fallback) — restart on failure
  2. DNS resolution — verify all falah domains → Cloudflare IPs
  3. Direct service health — local health endpoint
  4. Gateway routing — nginx on port 7878
  5. Routing integrity — gateway response matches direct
  6. Public endpoint via Cloudflare (every 5 cycles)
  7. SSL certificate expiry (every 10 cycles)
  8. Traefik detection (every 5 cycles) — standalone or Swarm
- docker-compose.dns-healer.yml: sidecar deployment config
- .pi/agents/dns-healer.md: pi agent definition
2026-06-28 03:45:15 +08:00
pi-agent 6a7ff5d12f fix: auto-healer v6 — remove explicit --network flag from rollback (caused network bridge not found)
- rollback was using --network bridge explicitly, which fails on this Synology's
  Docker daemon when the bridge network is associated with a Swarm overlay
- Fixed: omit --network flag entirely, let Docker use default bridge behavior
- Also found and fixed: gateway container on Swarm overlay network couldn't
  route to 192.168.0.11:4014 — attached to bridge network to resolve
2026-06-28 03:28:34 +08:00
pi-agent 6d946571b0 fix: auto-healer v5 — fix blocking bug, complete SRE flow verified
- Fixed blocking  command in incident reporting (added timeout 5s + --until now)
  Was causing the entire agent script to hang forever after saving each incident
- Full SRE flow now works end-to-end:
  1. Detect fault → 2. Fetch logs → 3. Analyze against knowledge base
  4. Save incident with full context (logs, inspect, events, resources)
  5. Execute restore protocol (rollback to :rollback image)
  6. Verify service restored
- 3 incidents successfully captured and logged with diagnostics
- All containers healthy, auto-healer monitoring every 30s
2026-06-28 03:17:56 +08:00
pi-agent 4fcfa4375d fix: auto-healer v2 — fix set -e crash, proper restart vs rollback escalation, restart count reset on stability
- Removed set -e — agent no longer crashes when a remediation step fails
- SIGKILL/OOM → restart first, only rollback if exceeding max restarts/hour
- Added HEALTHY_CYCLES counter: after 10 consecutive healthy cycles (5 min),
  reset restart tracking state (system considered stable)
- Rollback now handles the case where Docker restart policy already revived
  the container (rm -f before re-creating)
2026-06-28 03:03:30 +08:00
pi-agent 456295d73e feat: dedicated auto-healing agent — sidecar container + pi agent definition
- auto-healer/Dockerfile: lightweight Alpine container with Docker CLI
- auto-healer/auto-heal-agent.sh: real-time fault detection + remediation engine
  - Detects: crash, OOM, DB disconnect, gateway down, disk pressure
  - Fixes: restart, rollback, nginx reload, prune, escalate
  - Sliding window restart tracking (3/hr max)
- auto-healer/docker-compose.healer.yml: sidecar deployment config
  - Mounts Docker socket for event monitoring
  - Host network mode for health checks
  - Persistent state in /var/state/falah
- .pi/agents/auto-healer.md: pi agent definition for manual invocation
2026-06-28 02:53:52 +08:00
pi-agent 0098d9ca4a feat: auto-healing system — HEALTHCHECK, rate-limiter cleanup, auto-rollback CI, watchdog
- Dockerfile: add HEALTHCHECK (30s interval, 10s timeout, 3 retries)
- rate-limit.ts: auto-cleanup stale entries every 5 min (prevents memory leak)
- scripts/auto-heal.sh: watchdog for Synology cron — auto-restarts container,
  reloads nginx gateway, escalates on excessive failures
- CI workflow: auto-rollback on deploy failure (tags :rollback image,
  reverts if health check fails after deploy)
2026-06-28 02:52:11 +08:00
pi-agent aac485ba30 fix: add HOSTNAME=0.0.0.0 to start.sh for proper port binding in Docker 2026-06-28 02:15:32 +08:00
pi-agent 6874e83325 docs: save CAB QA protocol and regression test suite for future use
- cab-qa.sh: 41-check CAB Change Advisory Board checklist
- regression.sh: 39-test comprehensive regression suite
- README.md: usage guide and CAB sections reference

These test suites validate deployment, security, functional,
integration, compliance, performance, and rollback readiness.
2026-06-28 02:15:06 +08:00
pi-agent 5e4457fe34 fix: copy all node_modules into Docker image (instead of selective prisma copies) 2026-06-28 01:36:23 +08:00
pi-agent d36aba8c58 fix: prisma db push --accept-data-loss in startup script 2026-06-28 01:30:47 +08:00
pi-agent de48918acf security: fix critical webhook direct upgrade path, seed auth, CORS Vary header
- Webhook polar/route: block direct ?userId=&tier= upgrades in production (NODE_ENV guard)
- Seed route: require ADMIN_SECRET via x-admin-secret header
- Feedback route: require FEEDBACK_ADMIN_TOKEN env var in production
- CORS middleware: add Vary: Origin header for caching correctness
- MOCK_PAYMENTS: add NODE_ENV production guard
- Wallet top-up: add production guard for mock mode when POLAR_ACCESS_TOKEN unset
2026-06-28 01:15:45 +08:00
pi-agent 0c3521ba4c security: critical fixes from audit
- Rotate 5 exposed production secrets (JWT, ENCRYPTION, ADMIN, POSTGRES, REDIS)
- Fix MOCK_PAYMENTS opt-in (now defaults to disabled)
- HMAC-SHA256 webhook verification with timing-safe comparison
- Purge dangling git blobs (git gc --prune=now)
- Rate limiting on auth routes (10/15min per IP)
- CORS middleware restricted to falahos.my
- Fix walletBalance → flhBalance (Prisma schema mismatch)
2026-06-27 17:54:34 +08:00
root bfd3509add docs: update README with full CE feature docs, architecture, and deployment guide 2026-06-24 07:08:25 +02:00
root cfff74e2db feat: Souq native integration + auth simplification + CE-wide enhancements
Souq Marketplace:
- Native souq pages: browse+filters, create listing, detail+seller profile, orders+chat
- New API: reviews (POST), sellers/[id], upload (multipart), polar-checkout webhook
- Listings API enhanced: minPrice, maxPrice, sortBy, deliveryDays filters
- Seller workflow: start order, mark delivered, upload files, confirm delivery
- Wallet: 5 Polar.sh FLH tiers, production checkout, mock fallback, success banner
- Fix: order redirect /souq/history → /souq/orders

Auth System:
- Unified auth page, removed OAuth provider routing (2 files deleted)
- Deleted oauth.ts (319 lines) — simplified auth chain
- Streamlined login/register API routes

Prisma Schema (+179 lines):
- New models: Listing, Purchase, Review, Group/GroupMember
- Gamification: DailyStreak, XpTransaction, Achievement, UserLevel
- Learning: LearnCourse/Module/Enrollment/Certificate
- Notifications, Referrals, Dhikr, PremiumBenefits

Deleted legacy code:
- src/app/api/marketplace/* (3 files) — replaced by /api/souq/*
- src/app/api/files/[listingId]/route.ts — replaced by /api/souq/upload
- src/app/api/seller/[sellerId]/route.ts — replaced by /api/souq/sellers/[id]

Infrastructure:
- Dockerfile: standalone output, Prisma runtime migration
- docker-compose.yml: Polar env vars, healthcheck fix
- docker-compose.staging.yml: staging on port 4014
- .gitea/workflows/ci.yml: CI pipeline
2026-06-24 07:02:03 +02:00
root 913fa94fb9 Add CI workflow 2026-06-21 19:20:51 +02:00
root 7ddfbcc3ce feat: Add browser extension download card on home page — links to GitHub, shows v2.4.0 feature badges (Prayer Grid, Countdown, Day Progress, Souq, XP) 2026-06-19 00:55:42 +02:00
root a98a358978 docs: add PWA installation guide for Android and iOS sideloading 2026-06-19 00:34:11 +02:00
root 1cf5426f13 fix(souq): add missing /mobile basePath prefix to listing API fetch
fetch('/api/marketplace/listings?...') was hitting the wrong URL
(404) because the app is deployed under /mobile basePath. Changed
to fetch('/mobile/api/marketplace/listings?...') which matches the
correct API route.
2026-06-19 00:01:03 +02:00
root 44f304fb6b fix(prayer): strip timezone suffix in parseTimeToMs, fix NaN countdown
The prayer API returns timings like '06:03 (MYT)' but parseTimeToMs
didn't strip '(MYT)' suffix, causing Number('03 (MYT)') → NaN.
Now regex-strips timezone annotations before parsing.

Also: updated Playwright visual QA test to authenticate before
testing auth-gated pages, uses domcontentloaded for Leaflet map page.

Grade A — 84 pass, 0 fail, 1 warn on production browser QA.
2026-06-18 19:51:27 +02:00
root 8849bd5459 feat: real Halal Monitor via Overpass API + user-contributed yellow markers
- Replace hardcoded KL mock data with live OpenStreetMap Overpass API
- Support 15+ major cities worldwide (London, Dubai, Tokyo, NY, etc.)
- Bounding-box queries (faster than radius search)
- HTTP/1.1 fix for Overpass Apache compat
- Nominatim geocoding for city search
- 6-hour file-based cache per grid cell
- 3-mirror Overpass fallback with retry on timeout
- User-contributed places with yellow () markers
- 'Add Place' modal with name/type/address/notes form
- Map tap-to-pin coordinates for new places
- Delete own submissions from detail modal
- Prisma UserPlace model + API routes

Closes: Halal Monitor showing only KL data
2026-06-18 17:51:15 +02:00
root 14d7127e41 Error Feedback Service + friendly error handling across all pages
- Error Feedback Service: POST /api/feedback saves to JSONL, GET with admin token
- ErrorFeedback component: warm amber tones, friendly messages, 'Report Issue' button
- Replaced ALL red-themed error displays across 15+ pages with ErrorFeedback
- Kind classification: network, auth, location, upgrade, default messages
- QA test suite v2: 8-layer testing (system, API, render, scenario, edge, mobile, perf, security)
- Browser-based visual QA with Playwright (Layer 9)
2026-06-18 16:24:47 +02:00
root 28be776c84 Add Prayer Reminder, Dhikr Counter, Qibla Finder, Halal Monitor updates
- Prayer reminder: /prayer page with 5 daily times, countdown, alAdhan API
- Dhikr counter: /dhikr page with 3 presets, custom counter, haptics, DB tracking
- Qibla finder: /qibla page with compass SVG, DeviceOrientation, bearing to Kaaba
- Halal Monitor: Leaflet + Google Places, 26 KL markers, geolocation, distance sort
- BottomNav: added clock icon for prayer
- Prisma: schema updates for DhikrSession, DhikrDay, DailyStreak, XpTransaction
- Geo utility module
- Weighted Traefik routing: Contabo 99% / Synology 1% cold standby
2026-06-18 14:51:07 +02:00
root ed34b186f9 Referral page, bug fixes, seed data, persona tiers
- New /refer page with share/copy/stats
- Fixed modal z-index conflicts (z-50 → z-[60]) across forum, groups, souq, halal-monitor
- Seed route: forum categories, marketplace listings, private groups
- Mufti/Daie personas now available in Premium tier
- Fixed referral share link: falahos.my/mobile/auth?ref=CODE
- Fixed client-side persona access check for premium
2026-06-18 09:38:05 +02:00
root b39bce91e4 Remove Apple SSO, keep Google + GitHub only
- Removed Apple from OAuth lib (config, exchange, provider type)
- Removed Apple button from auth page
- Removed Apple tab from setup guide page
- Removed Apple env vars from .env, .env.example, docker-compose.yml
- Removed Apple prompts from setup-sso.sh
2026-06-15 14:36:46 +02:00
root efe8fe36d4 SSO registration & setup guide
- Google, Apple, GitHub SSO login via popup OAuth flow
- New /mobile/auth page with 3-click registration
  (Click provider → authorize → auto-logged in)
- Email registration with name + email + password
- /mobile/setup page with step-by-step OAuth setup guide
- OAuth env vars in .env.example, docker-compose.yml
- scripts/setup-sso.sh for one-command credential setup
- Graceful 503 when OAuth not configured
2026-06-15 13:38:24 +02:00
root d194e295ad feat: 3-click SSO registration - unified /auth page, Google/Apple/GitHub OAuth, email fallback, provider model 2026-06-15 12:42:03 +02:00
root 64ae34e9c9 feat: private forum groups - Group/GroupMember models, group CRUD API, invite codes, private threads, groups UI pages 2026-06-15 12:25:52 +02:00
root 947fe3b66d fix: add /mobile prefix to all client-side fetch() calls for basePath 2026-06-15 11:38:03 +02:00